“… The VA’s management of cybersecurity continues to have weaknesses that increase vulnerability to cyber threats, a report published in April by the U.S. Government Accountability Office said.”
“In the case of Tibor Rubin VA Medical Center, the VA OIG determined that 133 patients had sensitive personal information stored in unencrypted emails or text messages. The issues stemmed from a facility provider implementing two workarounds to keep the HRM device in use that didn’t follow VHA and VA privacy and security policies.”
“The facility’s HRM device lost the ability to interface with VHA’s EHR system in 2013 when the VA upgraded from the Windows XP operating system to Windows 7, the OIG said. The workarounds involved use of personal emails, a laptop, a non-encrypted flash drive and electronic storage that weren’t approved by the VA. Facility staff also used prohibited logbooks to track patient information and testing equipment.” Read the full article here.
Source: VA software workarounds put patient data at risk: OIG – By Susan Kelly, August 5, 2019. MedTech Dive.
